Of course the answer is yes, but keep reading to hear my theory why. If you’ve spent any amount of time with me, at some point you’ve probably heard me rant about recommending the use of open source tools and talented people over expensive COTS products. While it doesn’t line up with this theory exactly, here’s a great article pushing the use of open source tools (like Security Onion) for monitoring SCADA systems. Below are a few nuggets from the article to take away.
“We’re really just trying to evangelize, getting folks to start looking at what’s going in their [industrial] control systems. You can do all of this stuff with open source [tools] out there. And if you want to take advantage of automation and some GUIs, you can look at commercial software” as well, Caldwell says.
There are several open source network security monitoring tools; Caldwell and Sistrunk at S4 will demonstrate a set of tools from the open-source Security Onion Linux suite, including Wireshark, NetworkMiner, Bro, and Snorby, for network monitoring and intrusion detection.
Open-source NSM isn’t a set-it-and-forget-it process, though. “The fundamental thing is you’ve got to have people involved, using their intel to be able to say ‘this is not normal’” traffic, Caldwell says.
Read the full article here.
Today’s post pic is from Wikimedia.org. See ya!